<serviceAuthorization> element
Specifies settings that authorize access to service operations.
Schema Hierarchy
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior> of <serviceBehaviors>
<serviceAuthorization> element
Syntax
<serviceAuthorization
    impersonateCallerForAllOperations="Boolean"
    principalPermissionMode="None/UseWindowsGroups/UseAspNetRoles/Custom"
    roleProviderName="String"
    serviceAuthorizationManagerType="String">
    <authorizationPolicies>
        <add policyType="String" />
    </authorizationPolicies>
</serviceAuthorization>
Attributes and Elements
The following sections describe attributes, child elements, and parent elements.
Attributes
Attribute | Description |
---|---|
impersonateCallerForAllOperations | A Boolean value that specifies if all the operations in the service impersonate the caller. The default is false. When a specific service operation impersonates the caller, the thread context is switched to the caller context before executing the specified service. |
principalPermissionMode | Sets the principal used to carry out operations on the server. Values include the following: None, UseWindowsGroups, UseAspNetRoles, and Custom. The default value is UseWindowsGroups. The value is of type PrincipalPermissionMode. For more information on using this attribute, see How To: Restrict Access With the PrincipalPermissionAttribute. |
roleProviderName | A string that specifies the name of the role provider, which provides role information for a Windows Communication Foundation (WCF) application. The default is an empty string. |
serviceAuthorizationManagerType | A string containing the type of the service authorization manager. For more information, see ServiceAuthorizationManager. |
Child Elements
Element | Description |
---|---|
authorizationPolicies | Contains a collection of authorization policy types, which can be added using the add keyword. Each authorization policy contains a single required policyType attribute that is a string. The attribute specifies an authorization policy, which enables transformation of one set of input claims into another set of claims. Access can then be granted or denied based on the resulting claims. For more information, see AuthorizationPolicyTypeElement. |
Parent Elements
Element | Description |
---|---|
<behavior> | Contains a collection of settings for the behavior of a service. |
Remarks
This section contains elements affecting authorization, custom role providers, and impersonation.
The principalPermissionMode attribute specifies the groups of users to use when authorizing use of a protected method. The default value is UseWindowsGroups and specifies that Windows groups, such as "Administrators" or "Users," are searched for an identity trying to access a resource. You can also specify UseAspNetRoles to use a custom role provider that is configured under the <system.web> element, as shown in the following code.
<system.web>
    <membership defaultProvider="SqlProvider"
                userIsOnlineTimeWindow="15">
        <providers>
            <clear />
            <add
                name="SqlProvider"
                type="System.Web.Security.SqlMembershipProvider"
                connectionStringName="SqlConn"
                applicationName="MembershipProvider"
                enablePasswordRetrieval="false"
                enablePasswordReset="false"
                requiresQuestionAndAnswer="false"
                requiresUniqueEmail="true"
                passwordFormat="Hashed" />
        </providers>
    </membership>
    <!-- Other configuration code not shown. -->
</system.web>
The following code shows the roleProviderName used with the principalPermissionMode attribute.
<behaviors>
    <serviceBehaviors>
        <behavior name="ServiceBehaviour">
            <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                  roleProviderName="SqlProvider" />
        </behavior>
    </serviceBehaviors>
    <!-- Other configuration code not shown. -->
</behaviors>
For a detailed example of using this configuration element, see Authorizing Access to Service Operations and Authorization Policy.
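The service-side code that a UseAspNetRoles configuration like the one above protects, as an added example that is not part of the original page or of Microsoft's samples. The PayrollService contract, the role names PayrollReaders and PayrollAdmins, the in-memory store, and the assumption that employee IDs equal caller user names are all hypothetical.

```csharp
using System.Collections.Generic;
using System.Security;
using System.Security.Permissions;
using System.ServiceModel;

[ServiceContract]
public interface IPayrollService
{
    [OperationContract] decimal GetSalary(string employeeId);
    [OperationContract] void SetSalary(string employeeId, decimal amount);
}

public class PayrollService : IPayrollService
{
    // Constructed in-memory data so the example is self-contained.
    private static readonly object Gate = new object();
    private static readonly Dictionary<string, decimal> Salaries =
        new Dictionary<string, decimal> { { "alice", 5000m }, { "bob", 4200m } };

    // Declarative check: the demand runs before the method body. With
    // principalPermissionMode="UseAspNetRoles", the principal's role
    // membership is answered by the provider named in roleProviderName.
    [PrincipalPermission(SecurityAction.Demand, Role = "PayrollReaders")]
    public decimal GetSalary(string employeeId)
    {
        lock (Gate)
        {
            decimal value;
            if (!Salaries.TryGetValue(employeeId, out value))
                throw new FaultException("Unknown employee.");
            return value;
        }
    }

    [PrincipalPermission(SecurityAction.Demand, Role = "PayrollAdmins")]
    public void SetSalary(string employeeId, decimal amount)
    {
        // Imperative, data-dependent rule that a role demand cannot express:
        // an administrator may not change their own salary.
        // Assumption: employee IDs are the same strings as caller user names.
        string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        if (string.Equals(caller, employeeId, System.StringComparison.OrdinalIgnoreCase))
            throw new SecurityException("Callers cannot modify their own record.");

        lock (Gate) { Salaries[employeeId] = amount; }
    }
}
```

The role demands only work as intended when principalPermissionMode selects a principal source that matches how callers authenticate; with the mode set to None, WCF does not populate Thread.CurrentPrincipal for these checks.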
See Also
Reference
ServiceAuthorizationElement
ServiceAuthorizationBehavior
Other Resources
Security Behaviors in WCF
Authorizing Access to Service Operations
How To: Create a Custom AuthorizationManager for a Service
How To: Restrict Access With the PrincipalPermissionAttribute
Authorization Policy
© 2007 Microsoft Corporation. All rights reserved.
Last Published: 2010-01-05